There are two essential commands to execute, openssl (twice) and cat. (The other operations in the following list are more or less optional, but advisable for security considerations.)
Code:
# cd /usr/local/etc/jabberd/.ssh   # . . .or your path of choice
# openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
# openssl rsa -in privkey.pem -out privkey.pem   # . . .to remove the passphrase
# cat privkey.pem >> server.pem   # . . .combine both the private key and the public certificate into a common file, server.pem
# rm privkey.pem
# chown root:jabber server.pem
# chmod 640 server.pem
The first openssl command (openssl req -new) generates the private/public key pair, which is combined into a common file (arbitrarily named server.pem in this example; just be consistent in your jabberd component *.xml configuration files) once the passphrase has been removed.
For your information, the dialogue of the openssl req -new command is as follows:
Code:
Generating a 1024 bit RSA private key
...........................++++++
......++++++
writing new private key to 'privkey.pem'   . . .private key file is generated without admin. intervention, but is empty at this point.
Enter (private key) PEM pass phrase: "whatever"   . . .it will be removed anyway.
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Arkansas
Locality Name (eg, city) []:Little Rock
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FooBar Network Services
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:foobar.net
Email Address []:John.Smith@foobar.net
The resulting combined file (server.pem) contains the public certificate and the RSA private key, stripped of the passphrase:
Code:
-----BEGIN CERTIFICATE-----
MIID4zCCA0ygAwIBAgIJAKv4v1LLW1Y5MA0GCSqGSIb3DQEBBQUAMIGoMQswCQYD
. . .nineteen additional lines
mtF5HGy99+Su6/+63ybyHZee6sXB4Bdqv2kh6ATAB1RDu2nVxu1I
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCr1DLAmxpHUZ2vmHGtUIzmLCdlmlS/KsJETXeikNqoJgJgVuZQ
. . .eleven additional lines
AWIM4MJTj270Idvf2ZNROvnTFfDaZVsmPAQcTeZiYhE=
-----END RSA PRIVATE KEY-----
Before the passphrase was removed, the RSA private key (privkey.pem) looked like this:
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,42E29F1D1FA0E01B
+GyJe923X/+N/9v6WMS7h1qhZ3rk/dCqutWvOtv0btwbLxd1LyBuoIGau4A0RPMQ
. . .eleven additional lines
PkV0tI36tBnSt689v4IfX9DLm2YQAZd1GS2MvrGOqsIib79kGLu/cw==
-----END RSA PRIVATE KEY-----
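A structural audit of the finished file, as an added example that is not part of the original post: it checks that server.pem holds one certificate and one RSA private key without the Proc-Type: 4,ENCRYPTED header shown above, that the mode is no looser than the chmod 640 step leaves it, and that privkey.pem was removed. The helper names check_combined_pem and write_samples and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. check_combined_pem and write_samples are hypothetical helper
# names, not part of jabberd or OpenSSL.
check_combined_pem() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    # One pass: count PEM blocks and look for the header OpenSSL writes
    # inside a passphrase-protected RSA key (see the privkey.pem listing).
    summary=$(awk '
        /^-----BEGIN CERTIFICATE-----$/     { cb++ }
        /^-----END CERTIFICATE-----$/       { ce++ }
        /^-----BEGIN RSA PRIVATE KEY-----$/ { kb++; inkey = 1 }
        /^-----END RSA PRIVATE KEY-----$/   { ke++; inkey = 0 }
        inkey && /^Proc-Type: 4,ENCRYPTED/  { enc++ }
        END { printf "%d %d %d %d %d", cb, ce, kb, ke, enc }' "$f")
    set -- $summary
    [ "$1" -eq 1 ] && [ "$2" -eq 1 ] || { echo "expected one complete CERTIFICATE block"; rc=1; }
    [ "$3" -eq 1 ] && [ "$4" -eq 1 ] || { echo "expected one complete RSA PRIVATE KEY block"; rc=1; }
    [ "$5" -eq 0 ] || { echo "private key is still passphrase-protected"; rc=1; }
    # chmod 640 means no group write and no access at all for others.
    loose=$(find "$f" \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$loose" ] || { echo "mode is looser than 640"; rc=1; }
    # The standalone key should be gone after the cat step (rm privkey.pem).
    [ ! -e "$(dirname "$f")/privkey.pem" ] || { echo "privkey.pem still present"; rc=1; }
    return $rc
}

# Constructed sample files; the base64 body is a placeholder, not key material.
write_samples() {
    d=$1; body='Q09OU1RSVUNURUQ='
    cert=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----')
    printf '%s\n' "$cert" '-----BEGIN RSA PRIVATE KEY-----' "$body" \
        '-----END RSA PRIVATE KEY-----' > "$d/server.pem"
    printf '%s\n' "$cert" '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' "$body" \
        '-----END RSA PRIVATE KEY-----' > "$d/encrypted.pem"
    chmod 640 "$d/server.pem" "$d/encrypted.pem"
}

# Demo: run with --demo to audit the constructed files in a temp directory.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); write_samples "$tmp"
    check_combined_pem "$tmp/server.pem" && echo "server.pem: ok"
    check_combined_pem "$tmp/encrypted.pem" || echo "encrypted.pem: rejected"
    rm -rf "$tmp"
fi
```

The check is structural only: it does not decode the base64 bodies or confirm that the key belongs to the certificate.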